b7938ac2d50c06cdb39ff20d1cc14296e6997860595fdbef0c0fb2b0ffc7da02 | Triage

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
15-11-2023 11:16

Sharing

Report Analysis Logs

General

Target

example1.exe
Size

664KB
MD5

0bbbbf05e3ab9c1f5b52e4be35f7a1e4
SHA1

72f89ee01cfbd083f8febfae0abf4f3e5a0c2da2
SHA256

b7938ac2d50c06cdb39ff20d1cc14296e6997860595fdbef0c0fb2b0ffc7da02
SHA512

535e7d4283b90c28d740ea0e98e44ac6e9a376bfc8d894090bd4fc13d87192bc114435471ff79a5335df0af3f742dea3b5c45563433a2ab431839550ea47e39c
SSDEEP

12288:C3adGxr29PnpJub9UIjyS0Bbe7+qqSrnPVMEw+9wMLDBTYptG:xdVvU9UeMhTMRTYptG

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1428	example1.exe
1428	example1.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1428	example1.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3424	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3424	AUDIODG.EXE

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1428	example1.exe
1428	example1.exe

C:\Users\Admin\AppData\Local\Temp\example1.exe
"C:\Users\Admin\AppData\Local\Temp\example1.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1428

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x344 0x494
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3424

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Error.gut

Filesize
77B

MD5
f9c27303b6d73bc266c71a7354a457e1

SHA1
c059c10872cd447693d1da19392c2dad289f02fb

SHA256
616ffa02e35e70608d64490026be844f328fbba135c7396d941fbf00fde5b5da

SHA512
b87dd39ed78114623687c930adef380e1b279ff6c26035bb82c217368043133042cfc5d75c288df21b45df9a40f48f3caeaad96a75450bfc71073edd67811cc9

Download Submit